Need to include a certain field from my Log into the Message part of my log without pulling the entire log in

leandrojmp · January 18, 2025, 12:41pm

Since your message field is a json you could try something like this in your pipeline:

filter {
    mutate {
        add_field => {
            "[message][observer.name]" => "%{[host][name]}"
        }
    }
}

This would add a field named observer.name inside your message field, then your output would be just this: codec => line { format => "%{pipeline} - %{message}"}

Topic		Replies	Views
Add field to the message in logstash Logstash	3	1838	July 6, 2017
Add Logstash host name to JSON formatted logstream Logstash	4	6547	August 21, 2018
Host field not present on logstash event Logstash	2	1378	July 6, 2017
Referencing fields in Metrics output Logstash	7	1077	July 6, 2017
Log4j in integration with logstash Logstash	5	930	July 6, 2017

Need to include a certain field from my Log into the Message part of my log without pulling the entire log in

Related topics